Revised privacy policy

PRIVACY.md

@@ -1,10 +1,12 @@
-### Privacy policy for [git.m724.eu](/) ('service')
+### Privacy policy for [git.m724.eu](/) ('service', 'we')
 
-As of 23.01.2025
+As of 2.03.2025
 
 ---
 
-This service is provided as-is. While making reasonable efforts, no guarantes are made regarding uptime and security.
+While reasonable efforts are made to maintain the security and availability of this service, no guarantes are made regarding uptime and security.
+
+### Data storage
 
 To make this service useful, data is stored. Including, but not limited to:
 - your profile (email addresses, username, avatar, bio, etc.)
@@ -16,26 +18,63 @@ To make this service useful, data is stored. Including, but not limited to:
 This is retained for as long as your account exists. \
 When you delete your account, your commits are unlinked from your username. However, please note that your name and email may still be stored, as Git commit metadata.
 
-Cookies are used to maintain your session (whether you're logged in or not) and for security (to prevent CSRF attacks).
+Data is stored and processed in Poland.
 
-No data is shared to third parties.
+No data is shared to third parties, unless when required by law.
 
-Adhering to security standards:
+No data is used for profiling.
+
+
+#### Cookies
+Cookies are stored until you close your browser, unless specified otherwise.
+
+Cookies are used to:
+- maintain your session (whether you're logged in or not)
+  - If you log in and check to "Remember this device," a cookie will be stored for up to 31 days
+- for security (to prevent CSRF attacks)
+
+
+### Security
+
+Adherence to security standards:
 - there's a firewall
 - software is updated and maintenance is done periodically
 - passwords are hashed with argon2
 - server is in a closet only I have access to
-- frequent backups, stored by a third party, but encrypted locally
+- frequent backups, stored by a third party, encrypted before upload. Retained for up to 1 year.
 - [see more technical details](/git724/git724/src/branch/master/SERVER.md)
 
----
+In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, if feasible, in accordance with applicable law.
 
-You can delete your account in [account settings](/user/settings/account)
 
-Data is stored and processed in Poland.
+### Legal basis for processing
+We process your data on the following legal bases:
+- Performance of contract: to provide you the service
+- Legitimate interest: for security and maintenance of the service
+- Consent: where explicitly requested
+
+
+### User rights
+Under applicable data protection laws, you have rights including:
+- Right to access your personal data
+- Right to correct inaccurate data
+- Right to erasure (right to be forgotten)
+- Right to restrict processing
+- Right to data portability
+
+To exercise these rights, please contact us. Contact information is provided below.
+
+You can also delete your account in [account settings](/user/settings/account) \
+When you delete your account, your commits are unlinked from your username. However, please note that your name and email may still be stored, as Git commit metadata.
+
+### Children's Privacy
+This service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn we have collected personal information from a child under 16, we will delete that information.
 
 ---
 
 This document may be modified at any time. If you wish to get notified about changes, [subscribe to the RSS feed of this file.](/git724/git724/rss/branch/master/PRIVACY.md)
 
-Contact: open an issue on this repo or email `privacy` at `m724.eu`
+### Contact
+There are multiple ways to contact us:
+- open an issue on this repo
+- email `privacy` at `m724.eu`